Is choihyunsus/n2-free-search safe?
https://github.com/openclaw/skills/tree/main/skills/choihyunsus/n2-free-search
N2 Free Search is a documentation-only skill containing no executable code — it serves as installation instructions for an external MCP server npm package. The skill itself is clean with no prompt injection, hidden code, or canary file tampering. The primary risk is that the default 'Public Mode' configuration routes all agent search queries through the skill author's server (nton2.com), creating a data collection and potential search result manipulation vector.
Findings (6)
MEDIUM (-15): Public Mode routes all queries through author-controlled server
The default 'Public Mode' configuration routes all agent search queries through nton2.com, a server controlled by the skill author (choihyunsus). This gives the author visibility into every search query the agent makes, including potentially sensitive topics, project names, code patterns, and user intent. The author could log, analyze, or monetize this query data.
MEDIUM (-10): Instructs npx auto-install of external npm package
The skill instructs users to configure npx -y n2-free-search which auto-downloads and executes an npm package without version pinning. The -y flag bypasses the install confirmation prompt. The npm package itself is outside the scope of this skill audit and could contain arbitrary code that runs as an MCP server with tool-level access to the agent.
LOW (-10): Search result manipulation potential in Public Mode
As the operator of the SearXNG proxy in Public Mode, the skill author could manipulate the search results returned to the agent by injecting, reordering, or filtering them. This could subtly influence agent behavior without the user's knowledge, especially in research-heavy workflows.
LOW (-8): No version pinning for npm package
The npx command uses no version specifier (npx -y n2-free-search rather than npx -y n2-free-search@<version>, where <version> stands for a pinned release), meaning the skill will always install the latest published version. A future malicious update to the npm package would be pulled automatically without user review.
INFO (-2): Clean installation with no anomalous behavior
The skill installation produced only expected network traffic (GitHub clone, Ubuntu system updates) and no unexpected process execution. All filesystem events outside the skill directory are attributable to the Oathe monitoring framework and Ubuntu system services.
INFO (0): Skill contains no executable code
The skill repository contains only three files: SKILL.md (documentation), _meta.json (metadata), and .clawhub/lock.json (registry lock). No JavaScript, TypeScript, Python, shell scripts, or any other executable code is present. No package.json exists.